package com.google.android.volley.elegant;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.apache.http.conn.scheme.SocketFactory;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;

public class ElegantSSLSocketFactory implements SocketFactory, LayeredSocketFactory {

    private SSLContext sslcontext = null;
    private static final ElegantSSLSocketFactory DEFAULT_FACTORY = new ElegantSSLSocketFactory();

    private static SSLContext createElegantSSLContext() throws IOException {
        try {
            SSLContext context = SSLContext.getInstance( "TLS");
            context.init( null, new TrustManager[]{new ElegantX509TrustManager( null)}, null);
            return context;
        } catch(Exception e) {
            throw new IOException( e.getMessage());
        }
    }

    private SSLContext getSSLContext() throws IOException {
        if(this.sslcontext == null) {
            this.sslcontext = createElegantSSLContext();
        }
        return this.sslcontext;
    }

    public Socket connectSocket(Socket sock, String host, int port, InetAddress localAddress, int localPort, HttpParams params)
        throws IOException, UnknownHostException, ConnectTimeoutException {
        int connTimeout = HttpConnectionParams.getConnectionTimeout( params);
        int soTimeout = HttpConnectionParams.getSoTimeout( params);

        InetSocketAddress remoteAddress = new InetSocketAddress( host, port);
        SSLSocket sslsock = (SSLSocket)((sock != null) ? sock : createSocket());

        if((localAddress != null) || (localPort > 0)) {
            // we need to bind explicitly
            if(localPort < 0) {
                localPort = 0; // indicates "any"
            }
            InetSocketAddress isa = new InetSocketAddress( localAddress, localPort);
            sslsock.bind( isa);
        }

        sslsock.connect( remoteAddress, connTimeout);
        sslsock.setSoTimeout( soTimeout);
        return sslsock;

    }

    public Socket createSocket() throws IOException {
        return getSSLContext().getSocketFactory().createSocket();
    }

    public boolean isSecure(Socket socket) throws IllegalArgumentException {
        return true;
    }

    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket( socket, host, port, autoClose);
    }

    // -------------------------------------------------------------------
    // javadoc in org.apache.http.conn.scheme.SocketFactory says :
    // Both Object.equals() and Object.hashCode() must be overridden
    // for the correct operation of some connection managers
    // -------------------------------------------------------------------

    public boolean equals(Object obj) {
        return((obj != null) && obj.getClass().equals( ElegantSSLSocketFactory.class));
    }

    public int hashCode() {
        return ElegantSSLSocketFactory.class.hashCode();
    }

    public static ElegantSSLSocketFactory getSocketFactory() {
        return DEFAULT_FACTORY;
    }
}

class ElegantX509TrustManager implements X509TrustManager {

    private X509TrustManager standardTrustManager = null;

    public ElegantX509TrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
        super();
        TrustManagerFactory factory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm());
        factory.init( keystore);
        TrustManager[] trustmanagers = factory.getTrustManagers();
        if(trustmanagers.length == 0) {
            throw new NoSuchAlgorithmException( "no trust manager found");
        }
        this.standardTrustManager = (X509TrustManager)trustmanagers[0];
    }

    public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
        standardTrustManager.checkClientTrusted( certificates, authType);
    }

    public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
        if((certificates != null) && (certificates.length == 1)) {
            certificates[0].checkValidity();
        }
        else {
            standardTrustManager.checkServerTrusted( certificates, authType);
        }
    }

    public X509Certificate[] getAcceptedIssuers() {
        return this.standardTrustManager.getAcceptedIssuers();
    }
}
